High-quality care is the goal of all dentists and dental practices. This care not only includes proper consideration for direct patient diagnosis and treatment, but also care and protection of the patient’s right to the confidentiality and proper management of their Protected Health Information (PHI). These rights are federally protected by Health Insurance Portability and Accountability Act (HIPAA) regulations, and breaches of the provisions contained therein carry harsh penalties.

Many misconceptions about the proper handling of PHI have been circulating in the dental profession. Some adjunctive support service businesses that assist dentists by facilitating electronic contact with patients may actually be doing so in an inappropriate manner by establishing this contact through unencrypted emails and text messages. Neither of these forms of communication complies with government regulations.

Regarding patient relationship management through electronic means, the American Dental Association has provided a downloadable document to allow unencrypted email transmissions, whether they are being sent from dental offices directly to patients, to another dental office, or to any other health professional. This document may be obtained at www.ada.org by logging in to the Member Center and accessing: “Emailing Patient Information: A Resource for Dental Practices.” This five-page document, along with appropriate privacy practices forms, must be reviewed and signed by the patient before any collection of the patient’s email address on practice intake forms and certainly before any unencrypted emails may be sent, including even simple appointment reminders, if the practice is to remain compliant.1,2

An appointment reminder to a patient from his or her dentist may seem rather harmless, but consider the following scenario: A reminder is emailed to a patient from an oncologist physician and is inadvertently read by a family member of the patient. The specialty of the healthcare professional in and of itself could suggest a diagnosis of malignancy. The patient is, in turn, approached by a concerned relative and the parties become involved in a discussion of the reason for the appointment. This may initiate a violation. The rules for dentists and other health professionals must be consistent across the board, even if a breach carries a low risk that sensitive information will be compromised.3

Conversely, some electronic communications are actually required by law. New York State health professionals who wish to prescribe a pharmaceutical must do so by electronic means to remain compliant with the state’s new e-prescribing regulation signed into law by the governor. Pharmacists within the state will disallow paper prescriptions with rare exception. More states are anticipated to follow New York’s precedent.3

In the not-too-distant future, all patient records will be required to be collected in a format known as Electronic Health Records (EHRs) with the use of practice management software. These will be uploaded to cloud-based storage systems, which will presumably be highly secure. Patients will be able to access any and all of their health records and will be able to grant access to healthcare professionals involved in their treatment to facilitate Health Information Exchange (HIE).3-5 Indeed, some dental practices may even need to communicate with themselves, as in the case of dentists with multiple office locations in which patients receive treatment.

Some of these cloud-based systems have already arrived and are available for practitioners who are adopting these processes ahead of any regulations. The new area of informatics, defined as the integration and delivery of information across healthcare specialty boundaries to better provide for patients, has existed for only a few years. Dentists must be prepared to embrace and utilize informatics resources, as these will eventually become the standard of care for all providers of health-related services.3

Continual improvements are being made in informatics technology as challenges are brought to light, such as interoperability and access to third-party payers. Dentists must not attempt to “sit on the sidelines” while these changes in recording and transfer of PHI are being implemented by their colleagues. From a legal perspective, if a beneficial technology is available for use by a healthcare practice and either underutilized or disregarded, that practice is considered liable for any adverse outcome due to the omission.3

The technology is in place, albeit in its infancy, to allow for facilitated meaningful information-sharing between and among patients and health professionals, including dentists. This process can be accomplished if proper care is exercised, in a secure and confidential manner adhering to HIPAA regulations and streamlining the essential communications that are a necessary part of dentistry.